Plone 6.0.1 released

Release notes for Plone 6.0.1

For technical wizards who want to jump straight in, here are two important links:


Major changes since 6.0.0:

  • Zope:
    • Set the published default Content-Type header to text/plain if none has been set explicitly to prevent a cross-site scripting attack. Also remove the old behavior of constructing an HTML page for published methods returning a two-item tuple. This fix was already included in Plone and
    • Various other packages have fixes for this to avoid regressions.
  • plone.restapi:
    • Internationalization of @users endpoint error messages.
    • Add pt_BR and fr translations.
  • plone.base: Add missing TinyMCE plugin autolink to selectable plugins.
  • Products.CMFPlone: When autologin after password reset is enabled (this is the default), use the same adapters as during normal login. Specifically: the IInitialLogin and IRedirectAfterLogin adapters.
  • plone.recipe.zope2instance: Add new option asyncore_use_poll to waitress config file. You might need this when you have fast-listen enabled, which is the default, and run into 100% cpu usage on all Plone instances. But investigation on that problem is ongoing.
  • More Zope community packages have gotten official, tested Python 3.11 support.

Volto frontend

The default frontend for Plone 6 is Volto. Latest release is 16.9.0. See the changelog.
Note that this is a JavaScript frontend that you need to run in a separate process with NodeJS.
The Classic UI is still available when you only run the Python process.

Python compatibility

This release supports Python 3.8, 3.9, 3.10, and 3.11.


For installation instructions, see the documentation.


If you find any issues, please report them in the main issue tracker.


Sorry, I forgot to check if the plone-backend Docker image was already available, which it is not. Should be there soon.

It is up on Docker since yesterday.